You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@sentry.apache.org by "Hrishikesh Gadre (JIRA)" <ji...@apache.org> on 2017/12/20 19:28:00 UTC

[jira] [Created] (SENTRY-2107) Solr plugin should use short username instead of user principal for authorization check

Hrishikesh Gadre created SENTRY-2107:
----------------------------------------

             Summary: Solr plugin should use short username instead of user principal for authorization check
                 Key: SENTRY-2107
                 URL: https://issues.apache.org/jira/browse/SENTRY-2107
             Project: Sentry
          Issue Type: Improvement
    Affects Versions: 2.0.0
            Reporter: Hrishikesh Gadre
            Assignee: Hrishikesh Gadre
            Priority: Minor


Currently Solr authorization framework provides only user principal as part of the authorization context. Authorization service like Sentry, on the other hands, requires a short username to enforce the authorization checks. Currently this is achieved by explicitly transforming user principal to short user name using Hadoop KerberosName class. This is not a good design since it assumes that only kerberos authentication mechanism is used with sentry (which is not always the case e.g. solr supports ldap based authentication).

SOLR-10814 fixes this issue by providing short user name as part of the authorization context. This jira is to utilize the new api on the sentry side. 



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)